MGASA-2020-0287

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0287.html

Import Source

https://advisories.mageia.org/MGASA-2020-0287.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0287

Related

CVE-2020-4067

Published

2020-07-10T08:01:08Z

Modified

2020-07-10T07:29:05Z

Summary

Updated coturn packages fix security vulnerability

Details

The updated package fixes a security vulnerability:

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. (CVE-2020-4067)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / coturn

Package

Name: coturn
Purl: pkg:rpm/mageia/coturn?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.0.7-2.4.mga7

Ecosystem specific

{
    "section": "core"
}